Written By Alan Zeichick And Presented By Chuck Leaver
Ransomware is real, and it is striking people, organisations, schools, medical facilities, local governments – and there’s no sign that ransomware is stopping. In fact, it’s probably increasing. Why? Let’s be honest: ransomware is probably the single most reliable attack that cyber criminals have ever developed. Anybody can build ransomware using readily available tools; any money received is likely in untraceable Bitcoin; and if something goes wrong with decrypting somebody’s hard disk, the cyber criminal isn’t really affected.
A business is hit with ransomware every forty seconds, according to some sources, and sixty percent of malware problems were ransomware. It strikes all sectors. No industry is safe. And with the rise of RaaS (Ransomware-as-a-Service) it’s going to get worse.
Fortunately, we can fight back. Here’s a four-step fight strategy.
Good Basic Hygiene
It starts with training workers in the best ways to deal with malicious emails. There are forged messages that appear to come from service partners. There’s phishing and targeted spearphishing. Some will get through e-mail spam/malware filters; workers have to learn not to click links in those messages and, of course, not to give permission for plugins or apps to be installed.
Even so, some malware, like ransomware, is going to get through, typically exploiting out-of-date software applications or unpatched systems, just like in the Equifax breach. That’s where the next step comes in:
Make sure that all endpoints are fully patched and up to date with the latest, most secure operating systems, applications, utilities, device drivers, and code libraries. That way, if there is an attack, the endpoint is healthy and is best able to eradicate the infection.
Ransomware isn’t really a technology or security issue. It’s a business issue. And it’s about a lot more than the ransom that is demanded. That’s nothing compared with lost productivity due to downtime, poor public relations, disgruntled customers if service is disrupted, and the cost of rebuilding lost data. (And that assumes that important intellectual property or protected financial or consumer health data isn’t stolen.)
What else can you do? Backup, backup, backup, and protect those backups. If you don’t have safe, guaranteed backups, you can’t restore data and core infrastructure in a timely manner. That includes making daily snapshots of virtual machines, databases, applications, source code, and configuration files.
Businesses need tools to find, recognize, and prevent malware like ransomware from spreading. This requires continuous monitoring and reporting of exactly what’s taking place in the environment – including “zero day” attacks that have not been seen before. Part of that is monitoring endpoints, from the smartphone to the PC to the server to the cloud, to ensure that endpoints are up to date and secure, and that no unexpected changes have been made to their underlying configuration. That way, if a machine is infected by ransomware or other malware, the breach can be detected quickly, and the machine isolated and shut down pending forensics and recovery. If an endpoint is breached, fast containment is crucial.
The 4 Tactics.
Good user training. Updating systems with patches and fixes. Backing up everything as often as possible. And using monitoring tools to help both IT and security teams spot issues, and react quickly to those issues. When it comes to ransomware, those are the four battle-tested tactics we need to keep our services safe.
You can learn more about this in a brief 8-minute video, where I talk to numerous market professionals about this problem: